package com.mcj.quickstart.config;

import com.mcj.quickstart.handler.McjSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	AuthenticationSuccessHandler successHandler;
	
	@Autowired
	AuthenticationFailureHandler failureHandler;
	
	@Autowired
	LogoutSuccessHandler logoutSuccessHandler;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin()
				// 将登录表单的成功处理操作交给自定义的处理器，注意必须使用form表单才能使用该处理器
				.successHandler(successHandler)
				// 认证失败处理器
				.failureHandler(failureHandler);
		
		http.logout()
				.logoutSuccessHandler(logoutSuccessHandler);
		
		http.authorizeRequests().anyRequest().authenticated();		// 所有请求都需要经过认证
	}
}
